Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
EverythingOracle
OraclesFusionIntelligence
SingleSignOnEBSAuthentication
HowSingleSignOnAuthenticationWorks
OBIEEreportsanddashboardscanonlybeaccessedfromwithintheEBusiness
Suite(EBS).TheauthenticationmechanismusedtovalidateOBIEEusershas
beendesignedtofacilitateasinglesignontheenduserlogsinoncetoEBS,
notintoOBIEEsothatfromanenduserperspectiveOBIEEappearstobefully
integratedwithintheEBSapplication.
AuthenticationworksonaroundrobinbasisinwhichtheEBSgenerates
signaturedata,whichitpassestotheendusersbrowsertheendusersbrowser
passesthissignaturedatatoOBIEE,andOBIEE,inturn,passesitbacktoEBS:
http://everythingoracle.com/obieefusionauth.htm
1/6
10/6/2016
EverythingOracle
EBSOBIEERoundRobinAuthentication
FirsttheenduserlogsontoEBSintheusualmanner(step1).Anentryforthe
sessioniscreatedintableICX_SESSIONS,withthesessionidentifieractingas
theprimarykey.Thistableisusedtoretainthestateofthesession.
WhentheenduserclicksonalinkcorrespondingtoanOBIEEdashboard(step
2),EBS:
Putsacookieinthewebbrowserscache,and
PassesaspeciallyconstructedURLtothewebbrowser.
Thecookiethatissenttothewebbrowsercontainsanencryptedversionofthe
sessionidentifier.TheURLthatispassedtothewebbrowsercontainsthe
addressoftherelevantOBIEEdashboard.TothisURLisadded,anadditional
parameter,acf,consistingofatendigitnumbergeneratedbyEBS.
TheURLisusedbythewebbrowsertoaccesstheBIPresentationServices,
whichhasbeenconfiguredtosupportexternalauthentication.Withthismodeof
authentication,OBIEEdoesnotaskforausernameandpassword,but,instead,
obtainscertainexternaldataitemsthataretobeusedasproxies.Inthepresent
case,theproxydataitemsaretheencryptedsessionidentifierandtheacf
parametervalue.
http://everythingoracle.com/obieefusionauth.htm
2/6
10/6/2016
EverythingOracle
ThetheBIPresentationServicesprocessretrievesthecookiefromtheweb
browser(inorderforthistobepossiblebothEBSandOBIEEmustbelongtothe
samenetworkdomain).ThentheBIPresentationServicesprocessassignsthe
valueofthecookietheencryptedsessionidentifiertoOBIEEsessionvariable
"NQ_SESSION.ICX_SESSION_COOKIE.TheBIPresentationServices
extractsthevalueofparameteracffromtheURLandassignsittosession
variableNQ_SESSION.ACF.
ThevaluesofthesesessionvariablesarepassedtotheBIServerprocess.The
BIServerprocessconnectstotheDBIcomponentofEBSusingasharedlogon
whichgivesitfullaccesstoalltheDBIdata.However,OBIEEalsosupportsthe
conceptofanExecuteonConnectscript:ifthisscriptsucceedstheuseris
authenticatedifnot,authenticationfails.OBIEEpassestoEBSthevaluesof
sessionvariablesNQ_SESSION.ICX_SESSION_COOKIEand
NQ_SESSION.ACFasparameterstotheconnectionscript.SoEBScanverify
thattheparametersithasreceivedcorrespondtoparametersithassent.In
particular,bydecryptingthesessionidentifier,andbylookingupthesession
stateintableICX_SESSIONS,EBScandeterminetheEBSresponsibilitiesofthe
user.ThisinformationcanthenbepassedbacktotheBIServeraspartofthe
sessioninitializationprocesstoestablishvaluesforadditionalsessionvariables.
TheBIServerwillusethevaluesofthesesessionvariablestorestrictthedatait
displaysbasedontheusersEBSresponsibilities.
ConfiguringtheProfileOptionName
NavigatetotheEBSadministrationscreenusedformanagingprofileoptions:
HomePage=>SystemAdministrator=>Profile=>System.Assigntoprofile
optionnameFND:OracleBusinessIntelligenceSuiteEEBaseURLthebase
addressusedtocommunicatewiththeBIAnswersandBIDashboards
componentsofOBIEE.
Todeterminethebaseaddress,navigatetotheBIPresentationServiceslogon
screen:Start=>AllPrograms=>OracleBusinessIntelligence=>Presentation
Services.Theportionofthewebaddressinthebrowsersaddressbarupto
andincludingtheportnumberisthebaseaddress.Forexample,iftheaddress
barshowed:
http://myobiee.myorg.com:9704/analytics/saw.dll?Dashboard
thenthebaseaddresswouldbe
http://myobiee.myorg.com:9704
ConfiguringExternalAuthentication
Navigatetodirectory<OracleBIDataHome>\web\configanduseastandardtext
editortoeditfileinstanceconfig.xml.AftertheDSNtagpair,addthefollowing
text:
<Auth>
<ExternalLogonenabled="true">
<ParamList>
<Paramname="NQ_SESSION.ICX_SESSION_COOKIE"
http://everythingoracle.com/obieefusionauth.htm
3/6
10/6/2016
EverythingOracle
source="cookie"nameInSource="<cookiename>"/>
<Paramname="NQ_SESSION.ACF"source="url"
nameInSource="acf"/>
</ParamList>
</ExternalLogon>
</Auth>
TheelementExternalLogonenabled="true"tellstheBIPresentationServices
processthatauthenticationwilltakeplaceviaexternallysuppliedinformationin
thiscase,usingacookieandaparameternamedacfthatisaddedtotheURL
usedtoaccessOBIEE.
Thevalueof<cookiename>mustmatchthatofthecookiesentbyEBStothe
enduserswebbrowser.Todeterminethecookienamedeleteallexisting
cookiesusingthefacilitybuiltintoyourwebbrowser.ThennavigatetoanOBIEE
dashboardlinkwithinEBS.Examinethecookielistusingyourwebbrowseror
thefilesystemtodeterminethecookienamethathasjustbeenaddedtothe
cookiecache.
TheBIPresentationServiceswillhavetoberestartedforthesechangestotake
effect.
ConfiguringtheEBSRepository
StarttheAdministrationTool:Start=>AllPrograms=>OracleBusiness
Intelligence=>Administration.OpentheEBSrepositoryonline:File=>Open
=>Online,andpressOpenwhenthepopupwindowappears(Administrator
isapredefinedrepositoryuserandithasnopassword).
SelectManage=>Variablesfromthemenu.ClickontheStaticnode,under
VariablesandRepositoryinthelefthandpane.Thescreendisplayshouldbe
asfollows:
EBSDataSourceNameandUserNameVariables
http://everythingoracle.com/obieefusionauth.htm
4/6
10/6/2016
EverythingOracle
VariableStatic_DSN_OLTPrepresentstheDataSourceNameusedtoconnect
toEBS.VariableStatic_USER_IDrepresentstheOracleusernameusedto
connecttoEBS.Editthevaluesofthesevariablesbydoubleclickingoneachin
turn.TheDataSourceNameshouldcorrespondtotheEBSconnectionname
foundinfiletnsnames.ora.Theusernameshouldbeonethathassufficient
privilegestoseealltheDBIdataneededfortheOBIEEreportsanddashboards.
ExpandthenodeinthePhysicallayer(thepaneontheright):
PhysicalLayershowingConnectionPools
BringuptheEBS_Query_PoolandEBS_Authentication_Poolinturnby
doubleclickingonthenodes:
OBIEEEBSConnectionPool
IntheGeneraltabforeachconnectionpoolchangethevalueofthePassword
fieldtomatchthatoftheusernameyouassignedtovariableStatic_USER_ID.
ClickOKtoexittheeditor.
http://everythingoracle.com/obieefusionauth.htm
5/6
10/6/2016
EverythingOracle
Whenallchangesarecomplete,selectFile=>Savefromthemenu,andpress
OKwhenaskedifyouwishtocheckinthechanges.
Copyright20072015PWGConsulting,AllRightsReserved
http://everythingoracle.com/obieefusionauth.htm
6/6